In PKC 2006, Abdalla et al. proposed a password-based group key exchange protocol with constant rounds and proved that the protocol resists offline dictionary attacks in the random-oracle and ideal-cipher models. They then posed the open problem of whether an adversary can test more than one password in the same session with an online dictionary attack. To answer this question, they presented an online dictionary attack against their own protocol and concluded that this new attack does not work against it. In this paper, building on Abdalla et al.'s attack, we propose a modified attack and apply it to their protocol. The result shows that, under the same assumption, our attack can test more than one password. We analyze the cause of this weakness and develop a countermeasure that repairs it. Finally, we present a security analysis of the enhanced protocol in the random-oracle and ideal-cipher models.
Yuan, Wei and Hu, Liang, "An Enhanced Password-based Group Key Agreement Protocol with Constant Rounds," Applied Mathematics & Information Sciences: Vol. 08, Article 58.
Available at: https://dc.naturalspublishing.com/amis/vol08/iss5/58